293 lines
11 KiB
Markdown
293 lines
11 KiB
Markdown
# Tender Management System - Dual User Architecture
|
|
|
|
A comprehensive tender management backend system built with Go, featuring separate authentication and authorization for mobile app customers and panel admin users.
|
|
|
|
## 🏗️ Architecture Overview
|
|
|
|
This system implements **Clean Architecture** principles with a dual user system:
|
|
|
|
### User Types
|
|
|
|
1. **Customers (Mobile App Users)**
|
|
- End users who interact through mobile applications
|
|
- Can register, view tenders, manage company profiles
|
|
- Role-based access: `customer_user`, `customer_manager`
|
|
|
|
2. **Panel Users (Admin/Staff)**
|
|
- Administrative users who manage the system
|
|
- Can manage customers, tenders, companies, and system settings
|
|
- Role-based access: `admin`, `moderator`, `support`, `analyst`
|
|
|
|
### Layer Structure
|
|
|
|
```
|
|
┌─────────────────────────────────────────────────────────────┐
|
|
│ Handler Layer │
|
|
│ ┌─────────────────┐ ┌─────────────────┐ ┌──────────────┐ │
|
|
│ │ Customer Auth │ │ User Auth │ │ Legacy Auth │ │
|
|
│ │ Handler │ │ Handler │ │ Handler │ │
|
|
│ └─────────────────┘ └─────────────────┘ └──────────────┘ │
|
|
└─────────────────────────────────────────────────────────────┘
|
|
┌─────────────────────────────────────────────────────────────┐
|
|
│ Service Layer │
|
|
│ ┌─────────────────┐ ┌─────────────────┐ ┌──────────────┐ │
|
|
│ │ Customer Auth │ │ User Auth │ │ Customer │ │
|
|
│ │ Service │ │ Service │ │ Service │ │
|
|
│ └─────────────────┘ └─────────────────┘ └──────────────┘ │
|
|
└─────────────────────────────────────────────────────────────┘
|
|
┌─────────────────────────────────────────────────────────────┐
|
|
│ Repository Layer │
|
|
│ ┌─────────────────┐ ┌─────────────────┐ ┌──────────────┐ │
|
|
│ │ Customer │ │ User │ │ Company │ │
|
|
│ │ Repository │ │ Repository │ │ Repository │ │
|
|
│ └─────────────────┘ └─────────────────┘ └──────────────┘ │
|
|
└─────────────────────────────────────────────────────────────┘
|
|
┌─────────────────────────────────────────────────────────────┐
|
|
│ Domain Layer │
|
|
│ ┌─────────────────┐ ┌─────────────────┐ ┌──────────────┐ │
|
|
│ │ Customer │ │ User │ │ Interfaces │ │
|
|
│ │ Entity │ │ Entity │ │ & DTOs │ │
|
|
│ └─────────────────┘ └─────────────────┘ └──────────────┘ │
|
|
└─────────────────────────────────────────────────────────────┘
|
|
```
|
|
|
|
## 🚀 Quick Start
|
|
|
|
### Prerequisites
|
|
|
|
- Go 1.23+
|
|
- MongoDB 4.4+
|
|
- Valid MongoDB connection
|
|
|
|
### Setup
|
|
|
|
1. **Clone the repository**
|
|
```bash
|
|
git clone <repository-url>
|
|
cd tm
|
|
```
|
|
|
|
2. **Install dependencies**
|
|
```bash
|
|
go mod download
|
|
```
|
|
|
|
3. **Configure the application**
|
|
```bash
|
|
cp configs/config.example.yaml configs/config.yaml
|
|
# Edit configs/config.yaml with your settings
|
|
```
|
|
|
|
4. **Run database migration**
|
|
```bash
|
|
go run migrations/001_dual_user_system.go
|
|
```
|
|
|
|
5. **Start the server**
|
|
```bash
|
|
go run cmd/api/main.go
|
|
```
|
|
|
|
## 📡 API Endpoints
|
|
|
|
### Mobile App (Customer) Endpoints
|
|
|
|
| Method | Endpoint | Description | Auth Required |
|
|
|--------|----------|-------------|---------------|
|
|
| POST | `/api/v1/mobile/auth/register` | Customer registration | No |
|
|
| POST | `/api/v1/mobile/auth/login` | Customer login | No |
|
|
| POST | `/api/v1/mobile/auth/refresh` | Refresh tokens | No |
|
|
| POST | `/api/v1/mobile/auth/verify-email` | Email verification | Yes |
|
|
| POST | `/api/v1/mobile/auth/change-password` | Change password | Yes |
|
|
| GET | `/api/v1/mobile/auth/profile` | Get customer profile | Yes |
|
|
| POST | `/api/v1/mobile/auth/logout` | Customer logout | Yes |
|
|
|
|
### Admin Panel (User) Endpoints
|
|
|
|
| Method | Endpoint | Description | Auth Required |
|
|
|--------|----------|-------------|---------------|
|
|
| POST | `/api/v1/admin/auth/login` | Panel user login | No |
|
|
| POST | `/api/v1/admin/auth/refresh` | Refresh tokens | No |
|
|
| POST | `/api/v1/admin/auth/change-password` | Change password | Yes |
|
|
| GET | `/api/v1/admin/auth/profile` | Get user profile | Yes |
|
|
| POST | `/api/v1/admin/users` | Create panel user | Admin only |
|
|
| PUT | `/api/v1/admin/users/:id/permissions` | Update permissions | Admin only |
|
|
|
|
### Legacy Endpoints (Backward Compatible)
|
|
|
|
| Method | Endpoint | Description |
|
|
|--------|----------|-------------|
|
|
| POST | `/auth/register` | Generic registration (defaults to customer) |
|
|
| POST | `/auth/login` | Generic login (tries both types) |
|
|
| POST | `/auth/refresh` | Generic token refresh |
|
|
|
|
## 🔐 Authentication & Authorization
|
|
|
|
### Token Structure
|
|
|
|
#### Customer Tokens
|
|
```json
|
|
{
|
|
"customer_id": "uuid",
|
|
"email": "customer@example.com",
|
|
"role": "customer_user",
|
|
"company_id": "uuid",
|
|
"user_type": "customer",
|
|
"type": "access"
|
|
}
|
|
```
|
|
|
|
#### Panel User Tokens
|
|
```json
|
|
{
|
|
"user_id": "uuid",
|
|
"email": "admin@example.com",
|
|
"role": "admin",
|
|
"department": "IT",
|
|
"permissions": ["manage_users", "manage_tenders"],
|
|
"user_type": "user",
|
|
"type": "access"
|
|
}
|
|
```
|
|
|
|
### Middleware Options
|
|
|
|
- `CustomerOnlyMiddleware()` - Mobile users only
|
|
- `UserOnlyMiddleware()` - Panel users only
|
|
- `CustomerRoleMiddleware(roles...)` - Customer role-based access
|
|
- `UserRoleMiddleware(roles...)` - Panel user role-based access
|
|
- `UserPermissionMiddleware(permissions...)` - Fine-grained permissions
|
|
|
|
### Permission System
|
|
|
|
Panel users have granular permissions:
|
|
- `manage_users` - Create/modify panel users
|
|
- `manage_tenders` - Tender management
|
|
- `manage_companies` - Company management
|
|
- `manage_customers` - Customer management
|
|
- `view_reports` - Access reporting
|
|
- `manage_system` - System configuration
|
|
|
|
## 📊 Database Schema
|
|
|
|
### Collections
|
|
|
|
- `customers` - Mobile app users
|
|
- `users` - Panel users (admin/staff)
|
|
- `companies` - Company profiles
|
|
- `tenders` - Tender opportunities
|
|
- `notifications` - System notifications
|
|
|
|
### Sample Data
|
|
|
|
The migration creates sample accounts:
|
|
|
|
**Admin User:**
|
|
- Email: `admin@tendermanagement.com`
|
|
- Password: `admin123!`
|
|
- Role: `admin`
|
|
|
|
**Customer:**
|
|
- Email: `customer@example.com`
|
|
- Password: `customer123!`
|
|
- Role: `customer_user`
|
|
|
|
## 🛠️ Development
|
|
|
|
### Project Structure
|
|
|
|
```
|
|
tm/
|
|
├── cmd/api/ # Application entry point
|
|
├── internal/
|
|
│ ├── domain/ # Business entities & interfaces
|
|
│ ├── service/ # Business logic layer
|
|
│ ├── handler/ # HTTP handlers
|
|
│ ├── repository/ # Data access layer
|
|
│ └── infrastructure/ # External dependencies
|
|
├── pkg/
|
|
│ ├── logger/ # Logging utilities
|
|
│ ├── middleware/ # HTTP middleware
|
|
│ └── response/ # API response utilities
|
|
├── configs/ # Configuration files
|
|
├── migrations/ # Database migrations
|
|
└── docs/ # Documentation
|
|
```
|
|
|
|
### Adding New Features
|
|
|
|
1. **Define interfaces in domain layer**
|
|
2. **Implement business logic in service layer**
|
|
3. **Create HTTP handlers**
|
|
4. **Add repository implementations**
|
|
5. **Wire up in main.go**
|
|
6. **Add appropriate middleware to routes**
|
|
|
|
### Testing
|
|
|
|
```bash
|
|
# Run tests
|
|
go test ./...
|
|
|
|
# Run with coverage
|
|
go test -coverprofile=coverage.out ./...
|
|
go tool cover -html=coverage.out
|
|
```
|
|
|
|
## 🔧 Configuration
|
|
|
|
Key configuration sections:
|
|
|
|
```yaml
|
|
database:
|
|
mongodb:
|
|
uri: "mongodb://localhost:27017"
|
|
name: "tender_management"
|
|
|
|
auth:
|
|
jwt:
|
|
secret: "your-jwt-secret"
|
|
access_token_duration: "15m"
|
|
refresh_token_duration: "7d"
|
|
|
|
server:
|
|
host: "localhost"
|
|
port: 8080
|
|
timeout: "30s"
|
|
```
|
|
|
|
## 🚨 Security Features
|
|
|
|
- **Separate Authentication**: Isolated customer and panel user auth
|
|
- **JWT Tokens**: Stateless authentication with refresh tokens
|
|
- **Password Hashing**: bcrypt with configurable cost
|
|
- **Role-Based Access**: Granular role and permission system
|
|
- **Input Validation**: Comprehensive request validation
|
|
- **CORS Support**: Configurable cross-origin policies
|
|
|
|
## 📈 Monitoring & Logging
|
|
|
|
- **Structured Logging**: JSON-formatted logs with context
|
|
- **Request Logging**: HTTP request/response logging
|
|
- **Error Tracking**: Contextual error information
|
|
- **Health Checks**: `/health` endpoint for monitoring
|
|
|
|
## 🎯 Key Benefits
|
|
|
|
1. **Clear Separation**: Mobile and panel users are completely isolated
|
|
2. **Security**: Each user type has appropriate authentication and authorization
|
|
3. **Scalability**: Clean architecture allows easy feature additions
|
|
4. **Maintainability**: Well-structured code with clear dependencies
|
|
5. **Backward Compatibility**: Legacy endpoints continue to work
|
|
6. **Developer Friendly**: Comprehensive logging and error handling
|
|
|
|
## 📚 Next Steps
|
|
|
|
- [ ] Implement CompanyRepository
|
|
- [ ] Add tender management endpoints
|
|
- [ ] Create notification system
|
|
- [ ] Add file upload functionality
|
|
- [ ] Implement email verification
|
|
- [ ] Add rate limiting
|
|
- [ ] Create API documentation with Swagger
|
|
- [ ] Add comprehensive test coverage |